Christian Larsen

At Anchor, a large number of our customers seek various certifications for their hosted properties. These commonly include PCI, IRAP and many others. The business drivers for undertaking a certification programme vary between customers, but often involve the need to meet some form or regulatory or industry compliance requirement. Whilst it may not be the initial driver, the fundamental goal of many of these activities is to reduce business risk by improving security posture. We’ve become accustomed to dealing with auditors to assist our customers in undertaking certification initiatives. Unfortunately, just as in any industry, the quality of service, analysis and rigour that these entities employ can vary wildly. Automated scans Auditors commonly use automated tooling as an initial mechanism when assessing the compliance of a hosted infrastructure against the certification that…